Re: A bit of confusion over dkim_milter_t

On Wed, 2013-07-17 at 14:08 -0800, Erinn Looney-Triggs wrote: > Sorry to respond to myself but I forgot the vitals: > > RHEL 6.4 x64 > selinux-policy-3.7.19-195.el6_4.12.noarch > > -Erinn Se its allowed to bind tcp socket to generic tcp port_t type ports if the allow_ypbind boolean is set ( sesearch with -ASCT would show you that( allow_ypbind boolean is not recommended though since it is very coarse. Instead use semanage to label the port (tcp:8891) with one of the available port types (seinfo -axport_type), then use audit2allow, after reproducing the event, to allow bind tcp socket to ports with that type You can also create a new port type and use that: cat > mytest.te <<EOF policy_module(mytest, 1.0.0) type myport_t; corenet_port(myport_t) optional_policy(\` gen_require(\` type dkim_milter_t; ') allow dkim_milter_t myport_t:tcp_socket name_bind; ') EOF make -f /usr/share/selinux/devel/Makefile mytest.pp sudo semodule -i mytest.pp > > -- > selinux mailing list > selinux(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux